Google To Warn Users About State-Sponsored Attacks

Max Smolaks,

New notification system launches as malware developed by governments becomes commonplace

From Tuesday, users of Google services who are believed to be the target of state-sponsored cyber-attacks will be receiving notifications about possible threats and suggestions on how to improve security.

Google will issue these alerts based on “specific intelligence” coming from its laboratories and user reports.

Cold cyber-war

In the last few years, the idea that nation states will use malware to wage wars has crossed from the realm of Sci-Fi and into reality. The UK, US and Japan are building their own cyber-weapon stockpiles, while Eugene Kaspersky has warned that world governments need a cyber-weapons convention like those for chemical and nuclear arms.

China has been both accused of, and a alleged victim of a number of high profile hacker attacks, while a recent book claimed Stuxnet was a joint project between US and Israel. Nation states were also  blamed for the creation of Flame, described as “the most sophisticated cyber weapon yet unleashed”.

Google has decided to take steps to inform users when a suspected state-sponsored cyber-attack is taking place. When the “intelligence” suggests foul play, the following message will appear at the top of the page: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.” It will be accompanied by a link, leading to a list of measures users can take to secure their account.

Seeing this warning does not necessarily mean that the user’s account has been compromised by Chinese hackers, but it suggests a phishing or malware attack might be in progress, and to remain safe, it wouldn’t hurt to take additional precautions.

If a user sees the notification, Google also recommends creating a new, more secure password, enabling two-step verification and making sure their browser, operating system, plugins and document editors are all up to date.

The tech giant also warned about websites masquerading as Google sign-in pages in order to steal login details, noting that any legitimate page would include https://accounts.google.com/ in the address bar.

“You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis – as well as victim reports – strongly suggest the involvement of states or groups that are state-sponsored,” said Eric Grosse, vice president of security engineering at Google.

Do you know Google’s secrets? To find out, take our quiz!